Configuring 802.1x, Configuration prerequisites, 1x configuration task list – H3C Technologies H3C S12500-X Series Switches User Manual

Page 82

Configuring 802.1X

This chapter describes how to configure 802.1X on an H3C device. You can also configure the port

security feature to perform 802.1X. Port security combines and extends 802.1X and MAC authentication.

It applies to a network, a WLAN, for example, that requires different authentication methods for different
users on a port. It is described in "

760H

Configuring port security

35B

H3C implementation of 802.1X

H3C implements port-based access control as defined in the 802.1X protocol, and extends the protocol

to support MAC-based access control.

•

Port-based access control—Once an 802.1X user passes authentication on a port, any subsequent

user can access the network through the port without authentication. When the authenticated user
logs off, all other users are logged off.

•

MAC-based access control—Each user is separately authenticated on a port. When a user logs off,
no other online users are affected.

36B

Configuration prerequisites

•

Configure an ISP domain and AAA scheme (local or RADIUS authentication) for 802.1X users.

•

If RADIUS authentication is used, create user accounts on the RADIUS server.

•

If local authentication is used, create local user accounts on the access device and set the service

type to lan-access.

For more information about RADIUS client and local EAP authentication configuration, see "

761H

Configuring

AAA

37B

802.1X configuration task list

Tasks at a glance

(Required.)

762H

Enabling 802.1X

(Required.)

763H

Enabling EAP relay or EAP termination

(Optional.)

764H

Setting the port authorization state

(Optional.)

765H

Specifying an access control method

(Optional.)

766H

Setting the maximum number of concurrent 802.1X users on a port

(Optional.)

767H

Setting the maximum number of authentication request attempts

(Optional.)

768H

Setting the 802.1X authentication timeout timers

(Optional.)

769H

Configuring the online user handshake function

(Optional.)

770H

Configuring the authentication trigger function

(Optional.)

771H

Specifying a mandatory authentication domain on a port

This manual is related to the following products:

H3C S5560 Series Switches H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C S9800 Series Switches H3C S5130 Series Switches H3C S5120 Series Switches